Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Download
Standard view
Full view
of .
Look up keyword
Like this
1Activity
0 of .
Results for:
No results containing your search query
P. 1
Local Intrusion Detection by Bluff Probe Packet (LIDBPP) in A mobile Ad Hoc Network (MANET)

Local Intrusion Detection by Bluff Probe Packet (LIDBPP) in A mobile Ad Hoc Network (MANET)

Ratings: (0)|Views: 10|Likes:
Published by ijcsis
Mobile ad hoc network (MANET) is a collection of wireless nodes that are distributed without dependency on any permanent infrastructure. MANET security has been studied in recent years For example the black hole threats which make the source believes that the path to the destination being through it. Researchers have proposed their secure routing idea in order to encounter these threats, the problem is that the security threats still exists because it is not prevented or avoided completely in addition, some of the solutions adversely affected network performance, such as adding additional network overhead and time delay. The main objectives of this paper is to discuss some recent solutions that work to detect a black hole node by using different strategies, one of these solutions is S-ZRP, it will be developed in this paper to generate a new proposed solution called local intrusion detection by bluff probe packet (LIDBPP), it will locally begin detection by the previous node and not by the source node as in S-ZRP, this will decrease the negative impact n the performance of MANET such as network overhead and time delay in AODV based MANET.
Mobile ad hoc network (MANET) is a collection of wireless nodes that are distributed without dependency on any permanent infrastructure. MANET security has been studied in recent years For example the black hole threats which make the source believes that the path to the destination being through it. Researchers have proposed their secure routing idea in order to encounter these threats, the problem is that the security threats still exists because it is not prevented or avoided completely in addition, some of the solutions adversely affected network performance, such as adding additional network overhead and time delay. The main objectives of this paper is to discuss some recent solutions that work to detect a black hole node by using different strategies, one of these solutions is S-ZRP, it will be developed in this paper to generate a new proposed solution called local intrusion detection by bluff probe packet (LIDBPP), it will locally begin detection by the previous node and not by the source node as in S-ZRP, this will decrease the negative impact n the performance of MANET such as network overhead and time delay in AODV based MANET.

More info:

Published by: ijcsis on Dec 07, 2013
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less

04/14/2015

pdf

text

original

 
 
Local Intrusion Detection by Bluff Probe Packet (LIDBPP) in A mobile Ad Hoc Network (MANET)
1
Imad I. Saada
2
Majdi Z. Rashad
2,1
Department of Computer Science, Faculty of Computer and Information Sciences, Mansoura University, Egypt
 Abstract -
 Mobile ad hoc network (MANET) is a collection of wireless nodes that are distributed without dependency on any permanent infrastructure. MANET security has been studied in recent years For example the black hole threats which make the source believes that the path to the destination being through it. Researchers have proposed their secure routing idea in order to encounter these threats, the problem is that the security threats still exists because it is not prevented or avoided completely in addition, some of the solutions adversely affected network performance, such as adding additional network overhead and time delay. The main objectives of this paper is to discuss some recent solutions that work to detect a black hole node by using different strategies, one of these solutions is S-ZRP, it will be developed in this paper to generate a new proposed solution called local intrusion detection by bluff probe packet (LIDBPP), it will locally begin detection by the previous node and not by the source node as in S-ZRP, this will decrease the negative impact on the performance of MANET such as network overhead and time delay in AODV based MANET.
 Keywords; LIDBPP, MANET, Black hole, AODV, Network  security.
I. INTRODUCTION
 
MANET which includes a number of nodes connected by wireless link, has many challenges such as security threats which hangover nodes, packets, and overall network. this network, used widely in military purposes, Disaster area,  personal area network and so on, routing protocols are designed for MANET properties of a self-regulating environment without protection against any inside or outside network threats. many ideas are proposed to solve the security threats, unfortunately the problem has not avoided completely. in this paper, the main interest is in organizing the information of each technique, and proposing a new algorithm called LIDBPP, this algorithm can detect and block multiple  black holes while maintaining the network performance in terms of network overhead and time delay. The paper is organized as follow: - Section one: introducing the subject of the paper and the main interest. - Section two: display MANET routing protocols, and discussing AODV. - Section three: defining black holes, types of black hole attacks. - Section four: introducing the related works, the paper will have a description of each technique, the advantages and disadvantages will be discussed by analyzing each paper. - Section five: a local intrusion detection by bluff probe packet (LIDBPP) will be developed as a new solution. - Section six: the paper contains a table with summarized information. - Section seven: conclusion and the future work. II. MANET ROUTING PROTOCOLS
Figure 1. MANET routing protocols
Since most of the secure routing ideas in this paper are applied on AODV routing protocol, the paper will discuss the algorithm of AODV as follows:
 To find a route to the destination, the source  broadcasts a route request packet (RREQ) immediately to the destination if there is a direct link between source and destination or the source send (RREQ) to the neighboring nodes. The neighbors broadcast (RREQ) to their neighbors till it reaches an intermediate node. Each node records in its tables the node from which the first RREQ came ( this information used for sending RREP). The destination or an intermediate node selects the fresher route to the destination based on the destination sequence number, the destination or the intermediate node responds by sending a route reply (RREP) packet to the source node using the path established when the RREQ was sent. When the source receives the RREP, it
(IJCSIS) International Journal of Computer Science and Information Security, Vol. 11, No. 11, November 201366http://sites.google.com/site/ijcsis/ ISSN 1947-5500
 
 
establishes a forward path to the destination and sends a  packet to the source through the path established when the source receives the RREP.
III. BLACK HOLES
Black hole is one of the most famous security threats, it is a node in the network that announces itself as a node that has the fresher path for the destination, black hole makes the source believe that the path to the destination  being through it as follows:
Figure 2. MANET with black hole
When the source node sends RREQ to N1, N2 and N3 since N1 and N2 do not have any route to the destination it will not response RREQ, N3 does not have route to the destination so it will send RREQ to the neighboring node BH (black hole) which will send RREP to the source to make it  believes that BH has the fresher route to the destination. Source node sends data packets to BH but these packets will not be sent to the destination, BH will kill this packet instead sending it to the destination.
Types of black hole attacks
- Single black hole attack: if there is one black hole in the network. - Multiple black holes attack: if there are more than one black hole in the network cooperate with each other against the network and cause grater negative influence on the network, the solution for multiple black hole is more complex. IV. RELATED WORK: Some Black Hole Solutions
  A. A Local Intrusion Detection Security Routing (LIDSR) mechanism
[1]
LIDSR mechanism allows the detection of the attacker to be locally done, which means that when the suspected attacker node (node N5) unicasts the RREP towards the source node (node N1) the previous node (node N4)to the attacker node performs the process of 
 
detection, and not the source node
 
(node N1) as in SIDSR mechanism [1]. First, the
 
 previous
 
node (node N4) buffers the RREP packet. Second, it uses a new route to the next node (node N6) and sends a FRREQ packet to it. When the previous node (Node N4) receives the FRREP packet from the next node (Node N6), it extracts the information from the FRREP packet and behaves according to following rules: 1. If the next node (N6) has a route to the attacker node (N5) and the destination node (N7). In this case, N4 assumes that  N5 is trusted node and it discards the FRREP packet, then unicasts the RREP packet which received from N5 to the source node (N1). 2. If the next node (N6) has no route to the destination node (N7) or the attacker node (N5) or both of them (N5 and N7), the previous node (N4) discards the buffered RREP and the FRREP as well, at the same time broadcasting the alarm message to announce that there is no secure enough route available to the destination node (N7). [1] The last case includes another scenario, such as the case in which the previous node (N4) does not receive any FRREP packet from the next node (N6). Here,N6 will discard the RREP packet and inform the source node to initiate new route discovery process to the destination.
Figure 3. MANET with black hole
 Advantages and disadvantages
The simulation compares LIDSR with SIDSR (source intrusion detection security routing mechanism), it proves that LIDSR causes lower network overhead, time delay and increases throughput by changing the number of nodes, network size, and the transmission range, but LIDSR can support network with one black hole node and can not deal with the networks with multiple cooperative black hole nodes.
 B. BDSR Scheme
[2] This paper proposes BDSR which merges proactive and reactive defense architecture in MANET. The BDSR bait the malicious node to reply RREP by using a virtual and nonexistent destination address. Finally the detected black hole node is listed in the black hole list and notices all other nodes in the network to stop any communication with them. BDSR use the same method as RREQ of DSR. The RREQ’ could only survive a period of time. We take advantage of  black hole’s feature that it would fake shortest route information and reply the information to source node directly. Baited black hole node replies RREP by the above mentioned mechanism. Because RREP has the ability of showing
 
the address of malicious node after modifying by us, it is
 
able to
 
wipe out malicious node among the network in the initial  period.
 Advantages and disadvantages
The results of simulation show that the packet delivery ratio (PDR) is higher than PDR in case of watchdog solution
(IJCSIS) International Journal of Computer Science and Information Security, Vol. 11, No. 11, November 201367http://sites.google.com/site/ijcsis/ ISSN 1947-5500
 
 
[4] (The Watchdog use neighbor nodes to overhear and detect malicious node. Watchdog depends on overhearing the packets whether be discarded deliberately to identify the malicious node), in addition BDSR causes less overhead than watchdog. But if there are many cooperative black holes, in this case BDSR can not deal with them.
C. Detection by broadcasting the bluff probe packet (S-ZRP)
[3] Suppose, L1, L2, L3, ………., Ln-1 are the nodes  between the source L0 and the destination Ln (we are considering Ln as black hole node). The algorithm works as-To detect black hole node, Origin L0 sends bluff RREQ  packet which contains the address of the nonexistent node, to the nearest guard node L2. It will check its table for entry of nonexistent node. If it is not in its table it will propagate this RREQ message to the intermediate nodes till Ln-1 node. Previous Next Hop Ln-1 delivers this RREQ message to the destination Ln. The destination black hole node replies and says that I have a shortest route for nonexistent node. The Ln node sends this RREP packet back to the nodes in the discovered route. Origin L0 Node Receive RREP(NE)Ln-1,……………2,1 packet and send BLOCK (Ln,  NE)IERP/BRP packet to Ln-1 node. This node deletes entry for Ln node. Now originator node or guard node broadcast this information to all the nodes.
 Advantages and disadvantages
S-ZRP is an efficient solution to detect the multiple black hole nodes and to stop their attack, the simulation shows how the approach prevents the black hole nodes from receiving and relaying the packets. But S-ZRP starts the detection process from the source, this strategy will negatively affect MANET performance. In addition, the simulation must show how S-ZRP may affect important performance metrics such as network overhead and time delay. V. A PROPOSED SOLUTION: A local Intrusion Detection  by Bluff Probe Packet (LIDBPP) The paper aims to propose a method based on bluff packet to detect and stop the black hole attack in AODV based MANET, this method can deal with multiple black holes attack and will start the detection process by sending a bluff  packet that includes a specific virtual destination address, an intermediate node (the previous node from the black hole) will send bluff packet and will take the decision with nonintervention from the source node as follow: -
 
If the RREQ includes a normal address and the node has a route to the destination it will send RREP. -
 
If the RREQ includes a normal address and the node has not a route to the destination it will forward RREQ to the next nodes. -
 
if the RREQ includes the specific virtual address then it is a bluff packet and it must be forwarded, if any node sends this packet and then receives RREP from the next node, it must send block packet because this node is a black hole node. -
 
As in figure 4 since a black hole node sends RREP regardless of the address of RREQ, then it will response to  bluff packet, so it will be blocked from the previous node.
Figure 4. A proposed solution
-
 
After blocking the black hole, the previous node will repeat sending bluff packet to the node that locates next the  blocked node and the process will be repeated until blocking all the black hole nodes as in figure 5, there are no need in this process to back to the source node, every intermediate node is responsible to block all black hole nodes that locate next. -
 
Each bluff packet generated from the source will clean the network, because bluff packet is moved from a node to a next node as a serial process.
Figure 5. A proposed solution
By starting from the previous node, there is no need to return to the source node, so the detection and blocking  process will be occurred with minimal number of packets and in short time, so network overhead and time delay will be minimized, but in S-ZRP [3] we can see that the detection  process needs more steps and messages in order to detect and  block the black hole node, especially if the distance between the source and black hole node is long, this will negatively affect the network performance such as increasing network overhead and time delay.
The algorithm of LIDBPP is as follow:
L0: source node, L1,2…..n….n+1: intermediate nodes, RREQn: RREQ with normal destination address, RREQs: RREQ with specific and virtual destination address. Stage1: Source node L0 Generate RREQ Propagate RREQ If RREQn Then Precede normal AODV algorithm Stage2: Else if RREQs && Ln send RREP to Ln-1 Then Stage3: Ln-1 send block Ln Ln receive block
(IJCSIS) International Journal of Computer Science and Information Security, Vol. 11, No. 11, November 201368http://sites.google.com/site/ijcsis/ ISSN 1947-5500

You're Reading a Free Preview

Download
scribd
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->